🤖 denopendabot
Denopendabot is a GitHub App, GitHub Action, and Deno module to keep the dependencies of your Deno projects up-to-date.
Obviously inspired by Dependabot, and making up for their missing support for Deno.
Warning
Still under development. Many bugs might remain. Any breaking changes may be introduced on each Feature release.
🪄 Features
Update Deno modules
import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
- import $ from "https://deno.land/x/dax@0.14.0/mod.ts";
+ import $ from "https://deno.land/x/dax@0.15.0/mod.ts";
Denopendabot takes advantage of the core engine of udd, one of the most widely used module update libraries for Deno, which supports many registry domains.
Update GitHub repositories
- uses: denoland/setup-deno@v1
with:
deno-version: v1.26.0 # @denopendabot denoland/deno
- deno-version: v1.26.0 # @denopendabot denoland/deno
+ deno-version: v1.26.1 # @denopendabot denoland/deno
Denopendabot can also update release versions of GitHub repositories, specified
by comments of @denopendabot {owner}/{repo}
.
Create pull requests
- Commits are created for each updated module/repository individually
- Each run of Denopendabot creates only one pull request
See the example pull requests.
🚀 Getting started
GitHub App
The easiest way to use Denopendabot is to install the GitHub App and create a workflow to run it:
name: Denopendabot
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *" # modify to your convenient time
jobs:
update:
name: Run
runs-on: ubuntu-latest
steps:
- uses: hasundue/denopendabot@0.8.1 # @denopendabot hasundue/denopendabot
mode: app
auto-merge: all # optional
This workflow dispatches a denopendabot-run
repository event, and an instance
of the app receives it to perform the procedure on Deno Deploy.
See the next section for the details of the workflow.
Warning
Denopendabot requires write access to your workflows, which technically enables the bot to perform script injection on your repository. Install the app only if you are sure that it is reliable.
GitHub Action
If you want Denopendabot to run in an environment under your control for security reasons, you can use our GitHub Action.
The action needs a GitHub access token authorized to run workflows.
secrets.GITHUB_TOKEN
is used by default and it works fine in most cases.
If you want to update workflow files (.github/workflows/*.yml
), it also needs
a private access token with the workflow
scope. In the examples below, we
assume the token is added in repository secrets as GH_TOKEN
.
name: Denopendabot
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *" # modify to your convenient time
jobs:
update:
name: Update
runs-on: ubuntu-latest
steps:
- uses: hasundue/denopendabot@0.8.1 # @denopendabot hasundue/denopendabot
with:
user-token: ${{ secrets.GH_TOKEN }}
See action.yml for other options.